Effective: May 19, 2020
Your Privacy Rights
We recognize and comply with the federal government’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and with Canada’s Anti-Spam Legislation (”CASL”). The Company is responsible for the personal information we collect, use, maintain and disclose in compliance with PIPEDA. We are also responsible to collect and use email addresses and phone numbers used for text messages in compliance with CASL. This Policy applies to our interactions with Customers and other members of the public through our website at http://www.cliffandevans.com (the “Site”) as well as to interactions that take place in person or through other modes of communication. To ensure this accountability, we have developed this Policy, and trained our staff about our policies and practices. We also require that Providers understand and comply with this Policy.
What is “Personal Information?”
Personal information is any information that identifies you, or by which your identity could be deduced, such as:
- Contact information: your name, home and business addresses, phone number(s), social media addresses;
- Your e-mail address or an IP address, which may be combined with information about your use of the Site;
- Identifiers, including a Customer or Provider Identifier provided by the Company, used to access the secure third party portal (the “Portal”) through which information and documents are provided to the Company;
- Information about the work that we are doing for you or on which you are working with us (the “Project”), including, for Customers, information about your home/other building or proposed home/other building (the “Building”), its location, applicable zoning issues, the Building’s component parts or contents, and any of your choices or preferences, and for Providers, information about your role and scope of work, products and services to be provided, and for either Customers or Providers, transaction, purchase, or payment information. This may include photographs, architectural and other types of plans, drawings and other artistic works which may be created by you, by us, or by third parties;
- Transaction, billing and payment information, for Customers and for Providers. Bank account and credit card information will be used as provided for in applicable agreements and invoices; and
- Where you provide Personal Information to us about other people (e.g., family members, co-owners, co-tenants, shareholders, directors, officers, board members, beneficial owners, employees, sub-contractors, agents, Customers, or previous owners) you must ensure that you have given those individuals appropriate notice that you are providing that information to us and have obtained their consent to that disclosure.
Why Do We Collect Personal Information From You?
We collect Personal Information from you to:
- Communicate during all stages of our work on the Project, where Personal Information is included in proposals, plans, work schedules, contracts, sub-contracts, and invoices;
- Facilitate access to and use of the Site and the Portal;
- Communicate with you to respond to questions, to confirm instructions and schedules, to facilitate requests for information or work, including for work orders;
- Enter into contracts or service arrangements with architects, engineers, designers, sub-contractors, and other consultants or service providers, tradespeople or suppliers of products and services, (whether retained by the Company or directly by a Customer, collectively, “Providers”);
- Send updates, statements and invoices, or to respond to questions or requests;
- Complete transactions and make payments;
- Send commercial electronic messages (“CEMs”) by e-mail or by text, when you agree in advance to receive them or where we have your implied consent as set out in CASL.
How Do We Collect Your Personal Information?
We collect information only by lawful and fair means and not in an unreasonably intrusive way. Wherever possible we collect personal information directly from you, but we may also obtain information about you in other ways and from other sources, such as:
- Personal Information may be included or implied by information and documents you provide to us, directly or through the Site or through the Portal, including requests, proposals, estimates, or plans;
- Indirectly from you, based on your social media posts (e.g., Facebook, Instagram, Pinterest, Houzz), or based on your feedback to the Site, to marketing communications we send to you, or based on your participation in events that we sponsor or attend with you;
- Indirectly from you, based on your telephone number, IP address, browser type and version and any identifiers associated with your communications to us;
- From public sources, e.g., municipal property or planning records, property listings, agreements of purchase and sale; and
- From any Providers, or from a previous owner or vendor.
In most cases, we shall ask you to provide explicit consent (in writing, or verbally) if we collect, use, or disclose your personal information. Sometimes, your consent may be implied through your conduct with us.
How Do We Use Your Personal Information?
We use your Personal Information as identified above under, “Why Do We Collect Personal Information From You?”
How Do We Disclose Your Personal Information?
As required by the circumstances, we disclose Personal Information to Providers, to Customers, and other persons as required to facilitate completion of Projects. For Providers that we retain on behalf of Customers, our agreements with the Provider states that it may not use Customer or other Provider Personal Information for any purpose not connected to the applicable Project without the consent of the person whose Personal Information is involved. Otherwise, arrangements between Customers and Providers, including any Providers that are retained directly by Customers, or arrangements between or among Providers, are for those individuals to determine directly.
Under certain circumstances, the Company will also disclose Personal Information, including:
- when you have consented to the disclosure;
- when we are required or authorized by law to do so, for example if a court issues a subpoena;
- when the services we are providing to you require us to give your information to a third party your consent will be implied, unless you tell us otherwise;
- where it is necessary to establish or collect amounts owed to us or in association with legal proceedings to establish, protect or defend our legal rights;
- if the Company or its assets are sold to another business, we may disclose your Personal Information to the buyer since Customer information is typically one of the assets that is transferred on the sale of a business;
- where the information is already publicly known.
Is My Personal Information Secure?
The Company takes all reasonable precautions to ensure that your Personal Information is kept safe from loss, unauthorized access, modification or disclosure. However, because the transmission of information via the Internet is not completely secure we cannot guarantee the security of your Personal Information and such transmission is at your own risk. Among the steps taken to protect your Personal Information are:
- engaging a reputable third party Portal service provider;
- physically securing our premises;
- the use of secure servers and competent technology and telecommunications service providers for the Portal and for other technology services;
- restricting access to Personal Information, including limiting access to those of our employees, the Portal service provider and other technology service providers, and other Providers who need it for their work;
- deploying technological safeguards such as security software and firewalls to prevent hacking or unauthorized computer access; and
- internal and Portal user id, password and security policies.
How Can You Access and Update Your Personal Information?
It is important that the Personal Information we hold about you be accurate and up-to-date. If any of your contact or other Personal Information changes, please inform us so that we can make any necessary changes.
As provided for in PIPEDA, you have the right to access any Personal Information we hold about you. Summary information is available on request. More detailed requests which require archive or other retrieval costs may be subject to our normal professional and disbursement fees.
As provided for in PIPEDA, you also have the right to correct or update any Personal Information we hold about you. Following receipt of notification from you, the Company will take reasonable steps to correct it.
If you opt-out or Unsubscribe to CEMs as described in CASL, we will update our records within ten (10) business days. We will not send any CEMs to you after that, although we will continue to communicate with you with respect to the Project for as long as we have an existing business relationship with you as provided for by CASL, including with respect to any follow-up issues, and payment.
Can I be Denied Access to My Personal Information?
Your rights to access your Personal Information are not absolute. We may deny access as provided for by PIPEDA, including when:
- denial of access is required or authorized by law;
- when granting you access would create risks for other people’s privacy rights;
- to protect the Company’s rights and property; or
- where the request is frivolous or vexatious.
If we deny your request for access to, or refuse a request to correct information, we shall explain why.
To help us make credit decisions about our Customers, Providers, to prevent fraud, to confirm the identity of new Customers or Providers, and to prevent money-laundering, we may on occasion, request information about you from the files of consumer reporting agencies.
How Long Do You Retain my Personal Information?
We keep your personal information as long as is reasonably necessary for us to complete our work on the Project, and any follow up or future work, including in connection with any Providers, payments, or as may be required by law, whichever is longer.
Communicating with Us
Although we are careful to take the security precautions described above, please be aware that the use of telecommunications (use of the Site, the Portal, emails, or texts) can never be guaranteed to be 100% secure. There may be situations in which you should provide Personal Information or other confidential information to us in person, by personal delivery or by mail.
This Policy is effective as of the date referenced above, and may be updated from time to time. Updated versions will be posted on the Site, and are also available upon request to the Privacy Officer identified below.
Privacy Officer Contact
By mail: 209 Wicksteed Ave., Suite 44, Toronto, ON M4G 0B1
By e-mail: firstname.lastname@example.org
Although PIPEDA does not apply to our employee information, we have elected to follow privacy best practices in this area. If you apply to the Company for a job, we need to consider your Personal Information as part of our review process. We may collect, use and disclose additional information beyond that described in this Policy; for example, contacting references, or conducting criminal reference checks. We normally retain information from applicants after a decision has been made in connection with possible future hiring, unless you ask us not to retain the information. If we offer you a job, which you accept, the information will be retained with our privacy procedures for employee records.